Bump the pip-deps group across 1 directory with 8 updates

[dependabot]

Bumps the pip-deps group with 8 updates in the / directory:

Package	From	To
boto3	1.43.18	1.43.29
flask-cors	6.0.2	6.0.5
moto	5.2.1	5.2.2
pytest	9.0.3	9.1.0
ruff	0.15.15	0.15.17
openapi-spec-validator	0.8.5	0.9.0
cfn-lint	1.51.2	1.51.4
cryptography	48.0.0	49.0.0

Updates boto3 from 1.43.18 to 1.43.29

Commits

• 3d3204c Merge branch 'release-1.43.29'
• 4cc6c64 Bumping version to 1.43.29
• 73137ea Add changelog entries from botocore
• b42ee1d Bump https://github.com/astral-sh/ruff-pre-commit (#4798)
• 803cba4 Merge branch 'release-1.43.28'
• 1ed6c48 Merge branch 'release-1.43.28' into develop
• 0044dd3 Bumping version to 1.43.28
• 43e2d2a Add changelog entries from botocore
• 5d9ac3e Merge branch 'release-1.43.27'
• 52b9481 Merge branch 'release-1.43.27' into develop
• Additional commits viewable in compare view

Updates flask-cors from 6.0.2 to 6.0.5

Release notes

Sourced from flask-cors's releases.

6.0.5

Supersedes 6.0.4

What's Changed

• Add MyPy Typing and modernize options parsing by @​corydolphin in corydolphin/flask-cors#409 (this broke strict type checking when using Blueprints)
• Restore Blueprint support in CORS type signatures (#410) by @​corydolphin in corydolphin/flask-cors#411

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.5

6.0.4

What's Changed

• Add MyPy Typing by @​corydolphin in corydolphin/flask-cors#409

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.4

6.0.3

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

6.0.3-pre

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

Commits

• 91ebc49 Typing Hotfix: support blueprints in the type system
• d601665 Add strict MyPy Typing
• c8e8871 Harden release publishing workflow (#406)
• e1d4034 Derive package version from git tag via setuptools-scm (#405)
• See full diff in compare view

Updates moto from 5.2.1 to 5.2.2

Changelog

Sourced from moto's changelog.

5.2.2

Docker Digest for 5.2.2: sha256:d8ae5edc2bf080e7e4c13f9bd4b29b53ac3b4427e92956318db3dbe23ec43eb7

New Methods:
    * DS:
        * disable_radius()
        * enable_radius()
* KinesisAnalyticsV2:
    * untag_resource()


Logs:

start_live_tail()



SESv2:

update_contact()
update_contact_list()



SWF:

tag_resource()
untag_resource()





Miscellaneous:

* ACM: import_certificate() now accepts certificates without a CN

* ACM: request_certificate() now preserves the default options when not all are provided

* CloudFormation: Created Lambda resources now take the use_docker-configuration into account

* CloudFormation: update_stack_instances() now validates that a StackInstance exists

* Events: create_partner_event_source() now returns the EventSourceArn-attribute

* Route53: list_resource_record_sets() no longer returns a TTL for aliases

* S3: completed_multipart_upload() is now compatible with external tools like PyArrow

* S3: get_object() now supports all Response* headers

Commits

• 8375955 Pre-Release: Up Version Number
• 325f859 Prepare release 5.2.2 (#10059)
• a3ced98 S3: get_object() now honors ResponseContentDisposition etc headers (#10057)
• d0cf348 ACM: support certs without CN (#9912)
• cbd409a Bump the go-deps group in /other_langs/tests_go with 6 updates (#10054)
• f47b7b1 Bump the java-deps group in /other_langs/tests_java with 5 updates (#10053)
• 33c406f Bump ruby/setup-ruby from 1.306.0 to 1.310.0 (#10052)
• be0341c S3: fix CompleteMultipartUpload root level XML tag (#10056)
• 0f171e3 chore: update SSM default parameters (#10051)
• 2329a62 chore: update EC2 Instance Offerings (#10048)
• Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

• #14434: The --pastebin option is now deprecated.

... (truncated)

Commits

• b2522cf Prepare release version 9.1.0
• 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
• ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
• 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
• 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
• 5dfa385 Fix recursion traceback test to cover all styles (#14582)
• f52ff0c Add pytest.register_fixture
• a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
• e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
• 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
• Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm
• @​ntBre

... (truncated)

Commits

• 7c645a9 Bump 0.15.17 (#25872)
• f381eb1 Prioritize human-readable names in CLI output (#25869)
• b9b4546 Minor workflow simplification (#25870)
• 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
• 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
• be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
• 53f6ff7 Allow human-readable names in suppression comments (#25614)
• 6740325 [ty] Restrict uncached raw signature access (#25866)
• 970b1bf Auto-update snapshots when syncing typeshed (#25841)
• 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
• Additional commits viewable in compare view

Updates openapi-spec-validator from 0.8.5 to 0.9.0

Release notes

Sourced from openapi-spec-validator's releases.

0.9.0

Upgrades

• Upgrade schema-validator 0.9 #505
• Upgrade jsonschema-path 0.5 #506

Backward incompatibilities

• Validation results may change for specifications that previously relied on discriminator-based narrowing or on discriminator mapping resolution errors during validation. #505

Commits

• 2121137 Version 0.9.0
• ee4683b Merge pull request #506 from python-openapi/feature/upgrade-jsonschema-path-0.5
• 692131c Upgrade jsonschema-path 0.5
• 27cb341 Merge pull request #505 from python-openapi/feature/upgrade-schema-validator-...
• 4413a52 Upgrade schema-validator 0.9
• f407ed7 Merge pull request #484 from python-openapi/dependabot/pip/isort-8.0.1
• 081f3be Bump isort from 8.0.0 to 8.0.1
• d931faf Merge pull request #497 from python-openapi/dependabot/pip/mypy-1.20.2
• f8c6261 Bump mypy from 1.19.1 to 2.1.0
• 1b5dafd Merge pull request #500 from python-openapi/dependabot/pip/urllib3-2.7.0
• Additional commits viewable in compare view

Updates cfn-lint from 1.51.2 to 1.51.4

Release notes

Sourced from cfn-lint's releases.

Release v1.51.4

What's Changed

• fix: E3042 false positive when Essential is omitted from ECS containers by @​kddejong in aws-cloudformation/cfn-lint#4536
• Update CloudFormation schemas to 2026-06-03 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4534

Full Changelog: aws-cloudformation/cfn-lint@v1.51.3...v1.51.4

Release v1.51.3

What's Changed

• fix: Allow ProvisionedThroughput with 0 values when BillingMode is PAY_PER_REQUEST by @​kddejong in aws-cloudformation/cfn-lint#4524
• Revert: S3 bucket names with uppercase should remain an error by @​kddejong in aws-cloudformation/cfn-lint#4528
• fix: Allow ARN format for Lambda FunctionName property by @​kddejong in aws-cloudformation/cfn-lint#4529
• feat: Add OpenSearch instance type validation from pricing API by @​kddejong in aws-cloudformation/cfn-lint#4525
• fix: Sync update_schemas_manually.py with committed manual.json files by @​kddejong in aws-cloudformation/cfn-lint#4530
• Update CloudFormation schemas to 2026-06-02 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4523
• fix: Update Lambda runtime lifecycle dates from AWS docs by @​kddejong in aws-cloudformation/cfn-lint#4532

Full Changelog: aws-cloudformation/cfn-lint@v1.51.2...v1.51.3

Changelog

Sourced from cfn-lint's changelog.

v1.51.4

What's Changed

• fix: E3042 false positive when Essential is omitted from ECS containers by @​kddejong in aws-cloudformation/cfn-lint#4536
• Update CloudFormation schemas to 2026-06-03 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4534

Full Changelog: aws-cloudformation/cfn-lint@v1.51.3...v1.51.4

v1.51.3

What's Changed

• fix: Allow ProvisionedThroughput with 0 values when BillingMode is PAY_PER_REQUEST by @​kddejong in aws-cloudformation/cfn-lint#4524
• Revert: S3 bucket names with uppercase should remain an error by @​kddejong in aws-cloudformation/cfn-lint#4528
• fix: Allow ARN format for Lambda FunctionName property by @​kddejong in aws-cloudformation/cfn-lint#4529
• feat: Add OpenSearch instance type validation from pricing API by @​kddejong in aws-cloudformation/cfn-lint#4525
• fix: Sync update_schemas_manually.py with committed manual.json files by @​kddejong in aws-cloudformation/cfn-lint#4530
• Update CloudFormation schemas to 2026-06-02 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4523
• fix: Update Lambda runtime lifecycle dates from AWS docs by @​kddejong in aws-cloudformation/cfn-lint#4532

Full Changelog: aws-cloudformation/cfn-lint@v1.51.2...v1.51.3

Commits

• aa3fd8a Release v1.51.4 (#4537)
• 312f4a0 Update CloudFormation schemas to 2026-06-03 (#4534)
• 414222a fix: E3042 false positive when Essential is omitted from ECS containers (#4536)
• c065c7e Release v1.51.3 (#4533)
• afd7953 fix: Update Lambda runtime lifecycle dates from AWS docs (#4532)
• 7d296bb Update CloudFormation schemas to 2026-06-02 (#4523)
• 8b8a663 fix: Sync update_schemas_manually.py with committed manual.json files (#4530)
• 52d689f feat: Add OpenSearch instance type validation from pricing API (#4525)
• adba00c fix: Allow ARN format for Lambda FunctionName property (#4529)
• 976b861 Revert: S3 bucket names with uppercase should remain an error (#4528)
• Additional commits viewable in compare view

Updates cryptography from 48.0.0 to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12

* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits

• e300bbe bump version and changelog for 49.0.0 (#15030)
• fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
• f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
• 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
• a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
• 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
• 6080dc7 Bump dependencies that dependabot isn't (#15026)
• 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
• 829520b Add more robust processing for DH parameters. (#15016)
• 0f05001 Bump downstream dependencies in CI (#15025)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions